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(54) Secure retrieval of data from a stored database 

(57) A process is disclosed for retrieving data from a database stored in a fixed disc 3 for display on the screen of a VDU I 
or printing at a printer 9. Fields in each retrieved database record are stored in a RAM 4 in the form of a virtual screen 41 
which is similar to a screen layout for the VDU 6 except that physical constraints are not taken into account up to preset 
large dimensions, in this case 256 rows, each having 256 character locations. Blocks 44 within the virtual screen 41 are 
selected for display to give the effect of a window or viewport on the virtual screen 41 . Versatility in security of data fields i 
achieved by comparisons between a user security level and a separate security level value for each individual field. 
According to the comparison, a control unit 2 selects which fields are written to a screen memory 8 or printed and which 
may be written to in the RAM 4. 
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" Retrieval of data from a stored database" 

The invention relates to the retrieval of data from a stored 
database. 

5 At present, it is necessary to divide relatively large 
database records into a number of separate screen layouts 
viewed as panels because of the physical size limitations of 
video screens. For example, where a database record includes, 
say 25 data fields, it may be necessary to have up to four 

10 separate panels for displaying of this data on retrieval from 
the storage device. Because each screen layout must be 
processed separately in random access memory and screen 
memory, the storage, retrieval and display of data in this 
manner requires considerable processing time. Further, a 

15 large amount of time is required of a user for inputting data 
to the database and in reading the data on retrieval. 

If some data fields are to be kept secret from certain users, 
this is achieved by a password system which prevents display 
of panels including such fields. This is clearly inconvenient 
20 where the panel includes other fields which should be viewed 
by a user and results in failure to achieve optimum use of 
computerised databases by a group of people. 



- 2 - 



The present invention is directed towards providing for data 
retrieval from a database in a simple manner with relatively 
little processing required of a control unit. Another object 
is to achieve a clear presentation of retrieved data. A 
5 further object is to achieve security and confidentiality of 
selected data fields in an optimum manner without affecting 
retrieval of other data fields. 

According to the invention, there is provided a process 
carried out by a control unit of a computerised apparatus for 
0 retrieval of data from a stored database, the apparatus 
further comprising a permanent storage device storing the 
database, a random access memory circuit, a user input 
interface, a visual display unit having a video controller and 
a screen memory; the process comprising the steps of : - 

5 writing a user-requested database record containing data 

fields from the permanent storage device to the random 
access memory circuit, including the sub-step of writing 
the fields in a virtual screen format of a plurality of 
rows of character locations, the number of rows and of 

:0 locations per row being independent of physical 

constraints of the screen of the visual display unit, 

determining boundary locations for a block of the virtual 
screen to be initially displayed on the visual display 
unit; 



retrieving a user security level valve from the permanent 
storage device; 

for each field of the virtual screen in turn, retrieving 
a security level value; 

comparing the. field and user security level values; 

determining according to the comparison if the field is 
an open field which may be displayed or a closed field 
which may not be displayed at the visual display unit; 

writing open fields within the block of the virtual 
screen defined by the boundary locations to the screen 
memory for display under direction of the video 
controller; 

for each open field, determining according to the 
comparison if the field is a fixed field which may not 
be written to by a user or a variable field which may be 
written to; 

preventing transmission of write instructions to fixed 
fields in the random access memory circuit; and 
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writing an updated block of the virtual screen to the 
screen memory on receipt of user input of updated block 
boundary locations of the virtual screen. 

In one embodiment , the apparatus further comprises a printer 
5 and a printer controller, and the process comprises the 
further steps of the control unit directing retrieval by the 
printer controller of data for printing from the screen 
memory . 

Ideally, each database record also includes output definition 
10 parameter values defining block boundary locations, and the 
step of the control unit determining boundary locations 
comprises the sub-step of reading the output definition 
parameter values in the database record. 

Preferably, the output definition parameter values also 
15 include the field security level values for data fields within 
the record. 

The invention will be more clearly understood from the 
following description of some preferred embodiments thereof, 
given by way of example only with reference to the 
20 accompanying drawings in which:- 
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Fig. 1 is a schematic representation of a computerised 
apparatus for storage of a database and retrieval of 
data; 

Fig. 2 is a flow diagram illustrating operation of the 
5 apparatus ; 

Fig. 3 is a diagrammatic view of a virtual screen stored 
in the apparatus; and 

Figs. 4(a) to 4(c) are diagrammatic representations of 
data fields displayed on a visual display unit screen. 

10 Referring to the drawings, and initially to Fig. 1, there is 
illustrated a computerised apparatus of the invention , 
indicated generally by the reference numeral 1 . The apparatus 
1 is for storage of a database and for retrieval of data for 
viewing or amendment by a user. For clarity, the parts of the 

15 apparatus 1 not essential to the carrying out of the invention 
are not illustrated. However, these will be readily 
understood by those skilled in the art . 

The apparatus 1 comprises a microprocessor control unit 2 
connected to a permanent storage device, namely, a fixed disc 
20 3 and to a random access memory circuit 4 via a memory bus 5. 
The apparatus 1 also includes a visual display unit (VDU) 6 
which is controlled by a video controller 7 connected to a 
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screen memory 8, which is in turn connected to the control 
unit 2. The apparatus 1 also includes a printer 9 controlled 
by a printer controller 10 connected to the control unit, and 
a keyboard 11 connected to a keyboard encoder 12. 

In this embodiment, the fixed disc 3 has a capacity of 40 
Mbytes, however, it is envisaged that it may be larger or 
smaller as desired. In particular, it is envisaged that one 
way of achieving a much higher storage capacity is to connect 
the memory bus 5 to a file server where up to 300 Mbytes of 
capacity may be achieved. The random access memory circuit 4 
has a capacity of 1 Mbyte. 

Referring to Figs. 2 to 4, operation of the apparatus 1 is 
illustrated in detail. Initially, a request is received at 
the keyboard 11 for viewing of at least some of the data 
15 fields in the stored database. When such a request is 
received, the control unit 2 retrieves the relevant record 
and writes it to the random access memory circuit 4 . 

Referring again to Fig. 1, a number of database records 40 are 
illustrated in diagrammatic form stored in the random access 
20 memory circuit 4. Each database record 40 comprises a set of 
output definition parameter values which define the manner in 
which the database records should be outputted to a user. 
This part of the record is represented by the numeral 42. in 
addition, each record 40 includes a plurality of data fields 
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made up of descriptive text and a variable value associated 
with the text* The set of data fields in a record is stored 
by the control unit 2 in the random access memory 4 in a 
virtual screen format 41 of a plurality of rows of character 
5 locations in which the number of rows and the number of 
locations per row are independent of physical constraints of 
the screen of the visual display unit 6. In this embodiment, 
the virtual screen may have the dimensions of up to 256 
characters per row and 256 rows whereas the screen of the VDU 

10 6 can display only 25 rows, with 80 characters per row. The 
process steps involved in creating the virtual screen 41 are 
similar to those used for creating a panel for display on the 
screen, the difference being that the size of the panel is not 
limited by the physical constraints of the screen of the VDU 

15 6 (25 rows, 80 character locations per row). 

The step of writing the database records to the random access 
memory circuit 4 is represented by the step 20 in Fig. 2 and 
in step 21, the control unit 2 reads block boundary locations 
from the parameter value section 42, The block boundary 

20 locations are character locations which usually define a 
rectangular block in the virtual screen 41, which block is 
equal to or less then the maximum block size which may be 
displayed on the screen of the VDU 6. Blocks 44 are 
represented schematically in Fig. 3 in a virtual screen 41. 

25 The boundary locations which are stored are the initial 
boundary locations which define the block which should be 
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initially displayed on the VDU 6. In may cases the block will 
be in the top left-hand section of a virtual screen 41. 
Needless to say, if there are very few data fields, the 
virtual screen 41 may take up less space than the physical 
size of the screen of the VDU 6, in which case the boundary 
locations are redundant. 



10 



In step 22, the control unit 2 retrieves a user security level 
value from the fixed disc 3 via the random access memory 
circuit 4. Before requesting to view data, the user must 
input a password, which password is used by the control unit 
2 to retrieve a security level value. In this embodiment, 
there are 100 security level values between 0 and 99, 0 giving 
maximum access to data and 99 giving least access. In Fig. 1, 
user security level values 43 are illustrated stored in the 
15 random access memory circuit 4. 



The output parameter value section 42 of the database record 
40 also includes a security level value for each field of that 
record. Again, the field security level values range between 
0 and 99, 0 representing the most secretive field and 99 
representing the least secretive. After retrieving the user 
security level value, the control unit 2 retrieves for each 
field of the record in turn, the field security level value 
and compares the two values in step 24. In step 25, the 
control unit 2 determines if the user security level value is 
less than or equal to the field security level value. if so, 
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that particular field is designated in step 27 as an "open 
field", which means that the field may be displayed. If not, 
the field is designated in step 26 as a "closed field" which 
may not be displayed. If the field is open, in step 28 the 
5 control unit 2 determines if the user security level value is 
less than the field security level value. If not (ie they are 
equal) the field is designated in step 29 as a "fixed field" 
which means that while the field may be displayed on a screen, 
it may not be written to for amendment. If the user value is 
10 less than the field value, the field is designated in step 30 
as a "variable field" which may not only be displayed but may 
also be amended by the user by write instructions to the 
random access circuit 4. 

In step 31, the control unit 2 determines if all of the fields 
15 have been designated, and if not the procedure is repeated for 
the next field in the database record 40. When all of the 
fields have been designated, the control unit 2 writes a block 
44 which is defined by the boundary locations stored in the 
output definition parameter value section 42 to the screen 
20 memory 8. The block which is written to the screen memory 8 
only includes open fields . Neither the text or the data value 
of a closed field is transmitted to the screen memory 8. When 
the block is transmitted to the screen memory 8, the video 
controller 7 simply retrieves the block from the screen memory 
25 8 as if it were a conventional panel for display on the VDU 6 
and is not required to operate in a non-conventional manner. 
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If instructions are received at the keyboard 11 from the user 
for writing to fields which are open and are thus seen by the 
user, but which have been designated as being fixed, the 
control unit 2 prevents write instructions being transmitted 
5 to the random access memory circuit 4 to prevent amendment of 
the fixed field data values. This is illustrated in step 33. 

Referring to Fig. 4, three sample blocks 44 of a virtual 
screen 41 as seen by a user on the VDU 6 are illustrated. 
There are five fields in this portion of the virtual screen 41 
10 as follows:- 



15 



Field Description 

Name 

Address 

Telephone Number 
Medical Record 
Salary 



Field Security Level Value 
99 
80 
80 
10 
1 



The block 44 illustrated in Fig. 4(a) is for a user with a 
security level value 0. Because 0 is less than or equal to 
all of the field security level values, all of the fields are 
open and may be viewed. Further, because 0 is less than all 
of the field security level values, all of the fields are 
variable and the control unit 2 allows write instructions to 
these fields in the random access memory circuit 4. 
Typically, a user with a security level value 0 would be the 
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most senior person in an organisation. Fig. 4(b) represents 
a situation where the user security level value is 1 and 
again, all of the fields are open and are thus visible. 
However, the salary field also has a security level value of 
5 1 and thus, while this field is open, it is designated as 
being fixed and may not be written to. Typically, a user 
having a security level value 1 would be, say, a personnel 
manager. Fig* 4(c) represents the situation where a user has 
a security level value of 50. This value is not less than or 

10 equal to the values for the salary and medical record fields 
and accordingly these fields are closed and are not displayed 
and accordingly they may not be amended. It will be noted 
that not only is the data not displayed, but the descriptive 
part of the field is not illustrated so that the user having 

15 a security level value of 5 0 does not even know that this 
information is stored on the database. This is a particularly 
important aspect of the invention as it significantly reduces 
the incentive to circumvent security of the apparatus 1 . If 
the control unit 2 receives a request from a user at the 

20 keyboard 11 for printing of data fields, the control unit 2 
directs delivery of data to the printer controller 10 directly 
from the screen memory 8 . Accordingly data is delivered for 
printing in the same manner as it is for display. 

When the control unit 2 has delivered a block 44 of the 
25 virtual screen 41 to the screen memory 8, it may receive (in 
step 34) at the keyboard 11 updated block boundary locations 
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defining an updated block. The control unit 2 then transmits 
open data fields within the updated block boundary conditions 
to the screen memory 8. 

It will be appreciated that excellent versatility is achieved 
as only those fields which are to be kept secret from a user 
are deleted from a displayed screen, all other information 
required by a user being available. This is an important 
feature of the invention, particularly where there are a 
relatively large amount of users who require data from the 
stored database. 

It will also be appreciated that because each database record 
is stored in the form of a virtual screen, the user is not 
required to view a succession of different panels but in 
effect regards his screen as a viewport or window which allows 
him view any portion of a large screen as desired. This is a 
simple concept for a user which provides for more speedy 
viewing of a database record. Further, less processing time 
is required because the control unit 2 is not required to 
store and retrieve separate screen layouts in the RAM 4 and 
the screen memory 8 updating and switching between different 
panels. Further, creation of a database record in this manner 
is also considerably simpler than heretofore. 



The invention is not limited to the embodiment hereinbef 
described, but may be varied in construction and detail. 
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CLAIMS 

1. A process carried out by a control unit of a computerised 
apparatus for retrieval of data from a stored database, 
the apparatus further comprising a permanent storage 
device storing the database, a random access memory 
circuit, a user input interface, a visual display unit 
having a video controller and a screen memory; the 
process comprising the steps of 

writing a user-requested database record containing 
data fields from the permanent storage device to the 
random access memory circuit, including the sub-step 
of writing the fields in a virtual screen format of 
a plurality of rows of character locations , the 
number of rows and of locations per row being 
independent of physical constraints of the screen of 
the visual display unit, 

determining boundary locations for a block of the 
virtual screen to be initially displayed on the 
visual display unit; 

retrieving a user security level valve from the 
permanent storage device; 



- 14 - 



for each field of the virtual screen in turn , 
retrieving a security level value; 

comparing the field and user security level values; 

determining according to the comparison if the field 
is an open field which may be displayed or a closed 
field which may not be displayed at the visual 
display unit; 

writing open fields within the block of the virtual 
screen defined by the boundary locations to the 
screen memory for display under direction of the 
video controller; 

for each open field, determining according to the 
comparison if the field is a fixed field which may 
not be written to by a user or a variable field 
which may be written to; 

preventing transmission of write instructions to 
fixed fields in the random access memory circuit; 
and 

writing an updated block of the virtual screen to 
the screen memory on receipt of user input of 
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updated block boundary locations of the virtual 
screen. 

A process as claimed in claim 1, wherein the apparatus 
further comprises a printer and a printer controller, and 
the process comprises the further steps of the control 
unit directing retrieval by the printer controller of 
data for printing from the screen memory* 

A process as claimed in claims 1 or 2, wherein each 
database record also includes output definition parameter 
values defining block boundary locations, and the step of 
the control unit determining boundary locations comprises 
the sub-step of reading the output definition parameter 
values in the database record. 

A process as claimed in claim 3, wherein the output 
definition parameter values also include the field 
security level values for data fields within the record. 

A process substantially as hereinbefore described with 
reference to and as illustrated in the accompanying 
drawings . 
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